Managing Network Security Through Policies
- Analyze the importance of having acceptable use policies, remote access policies, and network security control policies. Choose one acceptable use policy, remote access policy, or network security control policy and give three reasons why you believe this policy is an effective way to manage network security.
Acceptable use policies (AUP) is perceived to a document that stipulates the practices and constraints that a user must comply with so as to be given the permission of accessing an organization’s internet or network. The AUP policies include certain rules, the consequences of breaking those rules, as well as the details regarding the philosophy of the organization for granting access. Remote access policies are the set of rules and requirements that are primarily designed for the purpose of minimizing potential exposure to damages, for instance, loss of data, internal systems, and intellectual property that arises for the illegal use of a company’s resources (Von & Von, 2009). Network security control policies is typically a formal document that is used for the purpose of outlining the procedures, guidelines, and principles that aid in enforcing, managing, as well as maintaining computer network security.
Encryption policy – with this policy, it means that the general access to personal data will have to be strictly controlled through encryption, for instance strong pass phrases and VPN (virtual private networks). The reason as to why this is best strategy is because it ensures that protection to computer network against unauthorized processes that have the potential of breaching its security (Vallabhaneni, 2019).
- Assess the risks and threats that may occur if these policies are underdeveloped or unavailable. Recommend three technical appliances that may be used to implement a network security function within your assessment and justify your recommendations.
The several damages that may arise in case these policies are unavailable or underdeveloped. They include loss of company’s confidential or sensitive data, damage to the company’s decisive internal systems, damage to public image, and increase in financial liabilities as a result of these losses. Some of the technical appliances that can be used include the use of VPNs (virtual private networks), password/s, and Third Party agreement. The reason for recommending these technical appliances is because they ensure that the general access to computer network will be strictly limited to authorized individuals who desire to prevent their data from illegal access (Frye, 2007).
Developing Personnel Security
- Determine three reasons why an organization should define the boundaries of control, identify personnel security functions based on risks, and manage change within the work force. Select what you believe to be the most important reason and explain why.
In the process of formulating rules and regulations that define the organization’s boundaries, it means that it becomes possible for workers, stakeholders, and the company itself to understand the kind of data or records that is vital to the wellbeing of the company as well as the external and internal forces that has the potential of affecting them (Dan & Arthur, 2011). Another reason is that becomes possible for the organization to have the ability of creating better policies that take into consideration processes, assets, as well as the manner in which workers access data or files on (Von & Von, 2009). Another reason is that it will facilitate the evaluation of security measures, whether physical or computer network-related as well as the anticipated potential solutions
- Propose three activities that could be performed by the Human Resources Department to screen and hire personnel effectively. Choose one activity you proposed and justify how it would support personnel security functions.
Identification of the existing position as well as evaluating need
Developing vacancy description
Developing the recruitment plan
As much as the above three activities are concerned, the Identification of the existing position as well as evaluating need is crucial because it will enable the HR department to align all the staff skill sets to the organizations goals and initiatives. As a result of that, the evaluation of the tasks to be executed will improve the ability of recognizing potential risks and refrain from any form of insecure behaviors. This will in return enhance the enforcement of policies that will continue to support personnel security functions (Dan & Arthur, 2011).
References
Dan, & Arthur, C. (2011). Cybersecurity: The Essential Body Of Knowledge. Cengage Learning, 2011
Frye, D. W. (2007). Network Security Policies and Procedures. Boston, MA : Springer Science+Business Media
VALLABHANENI. (2019). WILEY CIAEXCEL EXAM REVIEW 2019, PART 3: Business knowledge for internal auditing (wiley cia exam ... review series). Place of publication not identified: JOHN WILEY & Sons.
Von, S. S. H., & Von, S. R. (2009). Information security governance. New York, NY: Springer.